Windows

Pre-requisites

Check that the host you want to monitor is a supported host type.

Windows host monitoring is possible from a DBmarlin server running Windows or Linux.

DBmarlin supports monitoring of Windows hosts remotely via Windows Management Instrumentation (WMI). This requires that the target Windows host is remotely accessible over the network.

Permissions on DBmarlin Tomcat Windows Service (for Windows-based DBmarlin server only)

By default, the "DBmarlin Tomcat" Windows Service runs as the Local System account. For the DBmarlin sensor to connect to a remote Windows server, you need to run the "DBmarlin Tomcat" Windows Service as a Windows Account in the Local Administrator Group instead.

Adding the Host Target

This is done through the User Interface using the Add Host screen.

Creating a user with Windows Management Instrumentation (WMI) permissions

  1. Create a user account:

    1. Go to Windows Start > Administrative Tools > Computer Management. The Computer Management window opens.
    2. Expand Local Users and Groups.
    3. Right-click the Users folder and select New User.
    4. Complete the user details and click Create and Close.
  2. Configure the group membership for the new user account:

    1. In the Computer Management window, select the Users folder.
    2. Right-click the new user account and select Properties.
    3. Click the Member Of tab.
    4. Click Add.
    5. Click Advanced.
    6. Click Find Now.
    7. Select the following groups:
      1. Distributed COM Users
      2. Performance Log Users
      3. Performance Monitor Users
      4. Remote Desktop Users
    8. Click OK until you return to the Computer Management window.
    9. Select File > Exit to exit the Computer Management window.
  3. Assign Distributed Component Object Model (DCOM) rights:

    1. Go to Windows Start > Administrative Tools > Component Services. The Component Services window opens.
    2. Expand Component Services > Computers > My Computer.
    3. Right-click My Computer and select Properties. The My Computer Properties window opens.
    4. Click the COM security tab.
    5. In the Access Permissions area, click Edit Limits.
    6. In Distributed COM Users, verify that Local Access and Remote Access are selected.
    7. Click OK to save settings.
    8. In the My Computer Properties window, Launch and Activation Permissions area, click Edit Limits.
    9. In Distributed COM Users, verify that Local Launch, Remote Launch, Local Activation, and Remote Activation are selected.
    10. Click OK to save settings and click OK again to close the My Computer Properties window.
    11. Select File > Exit to exit the Component Services window.
  4. Configure the WMI namespace security assignments:

    1. Go to Windows Start > Run....
    2. Enter wmimgmt.msc and click OK.
    3. Right-click WMI Control (Local) and select Properties.
    4. Click the Security tab.
    5. Click Security.
    6. Click Add.
    7. Click Advanced.
    8. Click Find Now.
    9. Select the new user account, and click OK until you return to the Security for Root window.
    10. Click Advanced and select the newly added user account.
    11. Click Edit.
    12. From the Apply to: menu selection, select This namespace and subnamespaces.
    13. In Execute Methods, verify that Enable Account, Remote Enable, and Read Security are selected.
    14. Click OK until you return to the wmimgmt window.
    15. Select File > Exit to exit the wmimgmt window.
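
The result of steps 2 to 4 can be audited with a read-only script on the target host. This is an added example, not part of the DBmarlin documentation; it assumes Windows PowerShell 5.1 run elevated, and `dbmarlin_mon` is a hypothetical name for the local account created in step 1.

```powershell
# Added example: read-only audit of steps 2-4, run elevated on the target host
# in Windows PowerShell 5.1. 'dbmarlin_mon' is a hypothetical account name.
$Account = 'dbmarlin_mon'
$sid = (Get-LocalUser -Name $Account -ErrorAction Stop).SID.Value
function New-CheckResult($Check, $Ok) { [pscustomobject]@{ Check = $Check; Ok = [bool]$Ok } }

# Step 2: membership of the four local groups, matched by SID.
foreach ($g in 'Distributed COM Users', 'Performance Log Users',
               'Performance Monitor Users', 'Remote Desktop Users') {
    $members = Get-LocalGroupMember -Group $g -ErrorAction SilentlyContinue
    New-CheckResult "Group: $g" ($members | Where-Object { $_.SID.Value -eq $sid })
}

# Step 3: DCOM machine-wide limits for Distributed COM Users (well-known SID S-1-5-32-562).
# COM rights bits: local 0x2, remote 0x4, local activation 0x8, remote activation 0x10.
# A missing registry value means Windows defaults apply and is reported as not verified.
$ole = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Ole'
foreach ($v in 'MachineAccessRestriction', 'MachineLaunchRestriction') {
    $want = if ($v -eq 'MachineAccessRestriction') { 0x6 } else { 0x1E }
    $got = 0
    if ($ole.$v) {
        $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new([byte[]]$ole.$v, 0)
        $sd.DiscretionaryAcl |
            Where-Object { $_.AceType -eq 'AccessAllowed' -and $_.SecurityIdentifier.Value -eq 'S-1-5-32-562' } |
            ForEach-Object { $got = $got -bor $_.AccessMask }
    }
    New-CheckResult "DCOM limit: $v" (($got -band $want) -eq $want)
}

# Step 4: allow ACEs granted directly to the account on the WMI root namespace.
$rights = [ordered]@{ 'Execute Methods' = 0x2; 'Enable Account' = 0x1
                      'Remote Enable' = 0x20; 'Read Security' = 0x20000 }
$wmiSd = (Invoke-WmiMethod -Namespace root -Path '__SystemSecurity=@' -Name GetSecurityDescriptor).Descriptor
$mask = 0; $inherits = $false
foreach ($ace in $wmiSd.DACL) {
    if ($ace.Trustee.SIDString -ne $sid -or $ace.AceType -ne 0) { continue }
    $mask = $mask -bor $ace.AccessMask
    if ($ace.AceFlags -band 0x2) { $inherits = $true }   # CONTAINER_INHERIT_ACE: applies to subnamespaces
}
foreach ($name in $rights.Keys) {
    New-CheckResult "WMI root: $name" ($mask -band $rights[$name])
}
New-CheckResult 'WMI root: this namespace and subnamespaces' $inherits
```

Every row should report `Ok = True`; a `False` row names the step to revisit.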

Further information on WMI

For more guidance on connectivity see the Microsoft Documentation:

  1. Connecting to WMI on a Remote Computer.
  2. Setting up a Remote WMI Connection.

Troubleshooting WMI

  • Error=800706BA The RPC server is unavailable. SWbemLocator
    • Check that "DBmarlin Tomcat" Windows Service is running as a Windows Account in the Local Administrator Group.
  • Error=80070005 Access is denied SWbemLocator
    • Check that "DBmarlin Tomcat" Windows Service is running as a Windows Account in the Local Administrator Group.
  • NTSTATUS: NT code 0x80041017. Possible causes include:
    • Missing WMI classes
      • In a cmd window on the target host, try running %windir%\system32\wbem\wmiadap.exe /f
    • Broken performance counters
      • In a cmd window on the target host, try running lodctr /r
    • Performance counters are disabled in the registry
      • Check that “Disable Performance Counters” is set to 0 under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfProc\Performance or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfDisk\Performance, so that the performance counters are enabled.
  • NT_STATUS_ACCESS_DENIED - Access denied
    • Check that the username and password you entered are correct for the remote Windows host.
  • NTSTATUS: NT_STATUS_HOST_UNREACHABLE
    • Check that the host name or IP address that you entered is correct and that it can be reached over the network.
  • Other things that could affect connectivity
    • Windows firewall may need to allow WMI.
    • Make sure any other intermediate firewalls are open.
    • In Cloud environments like AWS you need to consider the VPC and security groups.
    • DNS name resolution - make sure the host name can be resolved to the correct IP address.
  • If all else fails, try rebooting the Windows server.
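
The connectivity checks in this list can be run in order from a Windows machine on the same network path as the DBmarlin server. This is an added example, not part of the DBmarlin documentation; `winhost01.example.internal` is a hypothetical target name, and the two performance classes are assumed here as representatives of the PerfProc and PerfDisk counters, not as the classes DBmarlin itself queries.

```powershell
# Added example: triage from a Windows machine toward the monitored host.
# 'winhost01.example.internal' is a hypothetical target; enter the monitoring account when prompted.
$Target = 'winhost01.example.internal'
$cred = Get-Credential -Message "Monitoring account on $Target"
function New-CheckResult($Check, $Ok, $Detail) {
    [pscustomobject]@{ Check = $Check; Ok = [bool]$Ok; Detail = "$Detail" }
}

# DNS: confirm the name resolves, and to the address you expect.
try   { $ips = [System.Net.Dns]::GetHostAddresses($Target) | ForEach-Object IPAddressToString }
catch { $ips = @() }
New-CheckResult 'DNS resolution' $ips ($ips -join ', ')

# TCP 135 (RPC endpoint mapper): a failure here matches "The RPC server is unavailable"
# and points at the Windows firewall, intermediate firewalls or cloud security groups.
# DCOM then moves to a dynamic port, so success here does not prove the whole path is open.
$rpc = Test-NetConnection -ComputerName $Target -Port 135 -WarningAction SilentlyContinue
New-CheckResult 'TCP 135 reachable' $rpc.TcpTestSucceeded $rpc.RemoteAddress

# Remote WMI over DCOM with the monitoring account: a base class first, then
# performance classes that fail when WMI classes are missing or counters are broken.
$classes = 'Win32_OperatingSystem', 'Win32_PerfFormattedData_PerfProc_Process',
           'Win32_PerfFormattedData_PerfDisk_LogicalDisk'
$session = $null
try {
    $dcom = New-CimSessionOption -Protocol Dcom
    $session = New-CimSession -ComputerName $Target -Credential $cred -SessionOption $dcom -ErrorAction Stop
    foreach ($class in $classes) {
        try {
            $rows = @(Get-CimInstance -CimSession $session -ClassName $class -ErrorAction Stop)
            New-CheckResult "WMI query: $class" $true "$($rows.Count) instance(s)"
        } catch {
            New-CheckResult "WMI query: $class" $false $_.Exception.Message
        }
    }
} catch {
    New-CheckResult 'WMI/DCOM session' $false $_.Exception.Message
} finally {
    if ($session) { Remove-CimSession $session }
}
```

The first failing row tells you which item in the list above to work on: name resolution, network reachability, credentials and permissions, or the performance counters.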